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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1. 136(a). In no event, however, may a reply be timely filed 
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- Failure to reply within the set or extended period for reply wilt, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after t he mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 14 August 2007 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) H Claim(s) 1-28 is/are pending in the application. 

4a) Of the above claim(s) 27 and 28 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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Art Unit: 2135 . 

DETAILED ACTION 

1 . Claims 1-26 have been examined. 

2. A Request for Continued Examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous office action 
has been withdrawn pursuant to 37 CFR 1.1 14. Applicant's submission filed on 18 May 
2007 has been entered. 

3. Applicant's amendments and argument have been respectfully and fully 
considered, but are moot in view of new ground rejection as set forth below. It is noted 
that Applicant's arguments are directed towards limitations newly added via 
amendments. 

4. Any objections or rejections not repeated below for record are withdrawn due to 
Applicant's amendment/explanation/cancellation. 

Election/Restrictions 

5. Applicant's election Species I (Claims 1-26) with traverse, in the reply filed on 14 
August 2007 is acknowledged. However, because the Applicant did not distinctly and 
specifically point out the supposed errors in the restriction requirement, the election has 
been treated as an election without traverse (M.P.E.P. § 818.03(a)). 

The Applicant further stated that Species II (Claims 27-28) is hereby withdrawn. 
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Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of 35 U.S. C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 6-8 and 19-21 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

As per claims 6 and19, they recite, "generating pre-enrollment keys for the 
user... only if keys provided by a key administrator... supplied to the key generators". 
However, it appears to the examiner that the key generators generate pre-enrollment 
keys for the user, then why the pre-enrollment keys supplied to the key generators as 
recited in the claims? What is "if keys..." referring to? 

As per claims 7 and 20, they recite, "verifying registration of the user... in 
accordance with a comparison of the final enrollment key". However, the examiner 
cannot find any comparison in the claims. Which key is compare against the final 
enrollment key? 

Any claim not specifically addressed, above, is being rejected as incorporating 
the deficiencies of a claim upon which it depends. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-5, 9-18 and 22-26 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Waugh et al. (U.S. Patent No. 6,678,821). 

As per claims 1 and 14, Waugh et al. discloses a method/apparatus ("Method 
and system for restricting access to the private key of a user in a public key 
infrastructure" - Title) comprising: 

storing a private key associated with a user at an authentication server 
("(a) storing a plurality of keys; (b)... whether a prospective user of a key in a plurality of 
keys is the associated user of the key... ." - e.g. col. 2, line 65- col. 3, line 3; "one way of 
conveniently allowing use of both private and public keys is to store such keys on 
servers - as the ID template server 28 and the certificate authority server 34 
respectively... the private keys... from the servers on which these keys are stored" - e.g. 
col. 4, lines 31-37; "Preferably, for each key in the plurality of keys a biometric standard 
determined by measuring a selected feature of the associated user is stored in the key 
storage means" - e.g. col. 2, lines 38-40, "...(a) at least one key storage medium for 
storing a plurality of keys, each key being useable by an associated user in a public key 
infrastructure..." - claim 1 and abstract. Please note ID template server 28 and the 
certificate authority sever 34 corresponds to Applicant's an authentication server); 

receiving a request for access to a service from the user ("Referring to Fig. 

4, there is illustrated a preferred method... of Fig. 1. In step 100, a first user 
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writes or Otherwise generates a message that is to be encrypted and sent to a 
second user. However, the first user does not know his own private key..." - e.g. 
col. 4, line 65 - col. 5, line 2 and "encryption/decryption might be wholly limited to 
the client computer itself, or to a computer isolated from any network. The 
browser might then be used to encrypt documents that are stored on the user's 
computer to preserve confidentiality" - e.g. col. 7, lines 3-7); 

collecting a biometric sample from the user associated via a client 
associated with the user and remote from the authentication server on a network 
(e.g. col. 5, lines 3-15); 

sending the collected biometric sample from the client to the 
authentication server (e.g. col. 5, lines 3-1 5 and col. 7, lines 3-7); 

comparing, at the authentication server, the biometric sample to a 
biometric template associated with the user (step 106 in fig. 4); and 
if a result of the comparing step indicates a match between the biometric sample 
and template for the user (step 108 in fig. 4): 

allowing the private key from the authentication server to be accessed and used 
with the request (e.g. col. 5, lines 22-30); encrypting the request with the private 
key (step 108 in fig. 4 and col. 5, lines 31-33), and 

providing the service with access to a public key corresponding to the private 
key, wherein access to the private key stored at the authentication server for use 
in encrypting the user's request is prevented unless and until the authentication 
server determines that the user's collected biometric sample that was sent by the 



. Application/Control Number: 1 0/61 2,715 Page 6 

Art Unit: 2135 

client matches the biometric template (e.g. step 108 in fig. 4 and col. 5, lines 44- 
53 and claims 1 and 2). 

As per claims 2-3 and 15-16, Waugh et al. further discloses if the result 
indicates a match, generating a digital signature using the private key and for use 
with the request and further providing the digital signature to the service 
associated with the request (e.g. col. 1, lines 52-55, claim 13 and 27) 

As per claims 4 and 17, Waugh et al. further discloses providing a 
biometric signature corresponding to the collected biometric sample to the service 
associated with the request (e.g. col. 5, lines 7-12). 

As per claims 5 and 18, Waugh et al. further discloses comprising: 
allowing the service to determine whether to fulfill a transaction corresponding to the 
request in accordance with the result of the comparing step (e.g. step 108 in fig. 4. 
Please note "if there is..."). 

As per claims 9-11 and 22-24, Waugh et al. further discloses encrypting the 
collected biometric sample for transmission to the authentication server; and including 
integrity information in the encrypted biometric sample and decrypting the encrypted 
biometric sample at the authentication server; and checking the integrity information 
included with the biometric sample (e.g. col.5, lines 22-33 and claim 1) and wherein the 
integrity information includes a unique transaction identifier (e.g. col. 5, lines 3-33 and 
claim 1 . Please note digital identifier corresponds to Applicant's unique transaction 
identifier). 
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As per claims 12 and 25, Waugh et al. further discloses comprising: associating 
user identification information with the private key; and maintaining a digital certificate 
containing the user identification information and the public key corresponding to the 
private key at the authentication server (e.g. col. 5, lines3-8 and col. 6, lines 51-56). 

As per claims 13 and 26, Waugh et al. further discloses wherein the biometric 
sample includes a fingerprint scan (e.g. col. 5, lines 8-12). 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1 1 . The factual inquiries set forth in Graham v. John Deere Co. , 383 U.S. 1 , 1 48 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

12. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
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were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

13. Claims 6-8 and 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
overWaugh et al. (U.S. Patent No. 6,678,821) and further in view of Hale (U.S. Patent 
No. 4,652,698) and Brandys (U.S. Patent No. 7,188,362). 

As per claims 6-8 and 19-21, Waugh et al. does not discloses generating pre- 
enrollment keys for the user; supplying the pre-enrollment keys to respective key 
generators; and generating a final enrollment key for the user only if keys provided by a 
key administrator match the pre-enrollment keys supplied to the key generators, the key 
administrator being a person different than the key generators, verifying registration of 
the user in accordance with a comparison of the final enrollment key; creating the 
biometric template for the user only if registration is verified; and generating the private 
key only if the biometric template is successfully created associating user identification 
information with the final enrollment key. 

However, the above features are well known in the art. Hale et al. discloses the 
common user verification features of generating pre-enrollment keys for the user; 
supplying the pre-enrollment keys to respective key generators; and generating a final 
enrollment key for the user only if keys provided by a key administrator match the pre- 
enrollment keys supplied to the key generators, the key administrator being a person 
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different than the key generators (e.g. abstract) and verifying registration of the user in 
accordance with a comparison of the final enrollment key (e.g. abstract) 

It would been obvious to a person with ordinary skill in the art at the time of the 
invention to combine Hale et al.'s above user verification features with Waugh et al. 
motivated by "verify that user is the proper user" (e.g. abstract) to provide "a security 
system and method" (e.g. abstract). 

Waugh et al. - Hale et al. does not disclose creating the biometric template for 
the user only if registration is verified; and generating the private key only if the 
biometric template is successfully created associating user identification information 
with the final enrollment key. However, this well-known feature is disclosed in Brandys 
(e.g. col. 2, lines 32-38, col. 3, lines 42-53 and claim 1). 

It would have been obvious to a person with ordinary skill in the art to combine 
the well-known features of Brandys' with Waugh et al motivated by "a need for new and 
improved systems for authenticating messages. The system should analyze biometric 
information as provided by the user as part of the authentication process. The system 
should also include features to safeguard the keys that are used in the authentication 
process. 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO - 892) 
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Contact Information 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April Y. Shan whose telephone number is (571) 270- 
1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





25 October 2007 
AYS 



SUPERVISORY PATENT 
TEC!-«.QSY CENTER?" 



